feat: add morning review packet generator (#966)

Implements one concrete Phase 2 slice for the morning review packet epic:
- add a script that fetches an epic and child QA issues from Gitea
- parse structured QA issue sections into a reusable packet model
- render a review-ready markdown packet
- add a generated 2026-04-21 Hermes harness review packet artifact
- cover parsing and rendering with targeted tests

Refs #966

cli.py

@@ -589,7 +589,6 @@ from tools.terminal_tool import set_sudo_password_callback, set_approval_callbac
 from tools.skills_tool import set_secret_capture_callback
 from hermes_cli.callbacks import prompt_for_secret
 from tools.browser_tool import _emergency_cleanup_all_sessions as _cleanup_all_browsers
-from utils import repair_and_load_json
 
 # Guard to prevent cleanup from running multiple times on exit
 _cleanup_done = False
@@ -3570,11 +3569,7 @@ class HermesCLI:
                 result_json = _asyncio.run(
                     vision_analyze_tool(image_url=str(img_path), user_prompt=analysis_prompt)
                 )
-                result = repair_and_load_json(
-                    result_json,
-                    default={},
-                    context="cli_image_analysis",
-                ) if isinstance(result_json, str) else {}
+                result = _json.loads(result_json)
                 if result.get("success"):
                     description = result.get("analysis", "")
                     enriched_parts.append(
@@ -4965,14 +4960,7 @@ class HermesCLI:
         from tools.cronjob_tools import cronjob as cronjob_tool
 
         def _cron_api(**kwargs):
-            result = repair_and_load_json(
-                cronjob_tool(**kwargs),
-                default=None,
-                context="cli_cron_command",
-            )
-            if isinstance(result, dict):
-                return result
-            return {"success": False, "error": "Invalid JSON from cronjob tool"}
+            return json.loads(cronjob_tool(**kwargs))
 
         def _normalize_skills(values):
             normalized = []

docs/review_packets/hermes-harness-2026-04-21.md

@@ -0,0 +1,387 @@
+# Morning Review Packet
+
+Source epic: [EPIC: Morning review packet — Hermes harness features landed 2026-04-21](https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/949)
+
+## Epic context
+
+EPIC: Morning review packet — Hermes harness features landed 2026-04-21
+
+Source: git log on upstream/main since 2026-04-21 00:00 EDT, plus the current local branch `burn/921-poka-yoke-hardcoded-paths` for the branch-only path-guard work.
+
+Important review note:
+- Validate upstream-landed features on `upstream/main` or a synced branch.
+- Validate the path-guard work on `burn/921-poka-yoke-hardcoded-paths`.
+
+This epic is a morning-review packet: one QA issue per feature cluster, each with concrete acceptance criteria and targeted tests or manual checks.
+
+## Success criteria
+- [ ] Every issue has a clear PASS / FAIL outcome.
+- [ ] Test output or manual evidence is attached to each issue.
+- [ ] Any drift between upstream/main and forge/main is called out explicitly.
+
+## Sub-issues
+### Upstream/main features landed 2026-04-21
+- [ ] #950 [QA] Verify AI Gateway provider UX + attribution headers
+- [ ] #951 [QA] Verify transport abstraction + AnthropicTransport wiring
+- [ ] #952 [QA] Verify CLI voice beep toggle
+- [ ] #953 [QA] Verify bundled skill scripts run out of the box
+- [ ] #954 [QA] Verify maps skill guest_house / camp_site / bakery expansion
+- [ ] #955 [QA] Verify KittenTTS local provider end-to-end
+- [ ] #956 [QA] Verify numbered keyboard shortcuts for approval + clarify prompts
+- [ ] #957 [QA] Verify optional adversarial-ux-test skill catalog flow
+- [ ] #958 [QA] Verify /usage account limits in CLI + gateway
+- [ ] #959 [QA] Verify OpenCode-Go curated catalog additions
+- [ ] #960 [QA] Verify patch 'did you mean?' suggestions
+- [ ] #961 [QA] Verify web dashboard update/restart action buttons
+
+### Local branch-only work
+- [ ] #962 [QA] Verify hardcoded-home path guard on burn/921 branch
+
+## Summary
+
+| Issue | State | Commits | Tests |
+| --- | --- | --- | --- |
+| #950 | open | 5 | 2 |
+| #951 | open | 2 | 2 |
+| #952 | open | 1 | 1 |
+| #953 | open | 1 | 2 |
+| #954 | open | 1 | 0 |
+| #955 | open | 2 | 1 |
+| #956 | open | 1 | 0 |
+| #957 | open | 1 | 0 |
+| #958 | open | 2 | 2 |
+| #959 | open | 1 | 1 |
+| #960 | open | 2 | 1 |
+| #961 | closed | 1 | 0 |
+| #962 | closed | 1 | 1 |
+
+## #950 — [QA] Verify AI Gateway provider UX + attribution headers
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/950
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `b11753879` — attribution default_headers for ai-gateway provider
+- `700437440` — curated picker with live pricing
+- `ac26a460f` — promote ai-gateway in provider picker ordering
+- `5bb2d11b0` — auto-promote free Moonshot models
+- `29f57ec95` — Vercel deep-link for API key creation
+
+### Targeted tests
+- `tests/hermes_cli/test_ai_gateway_models.py`
+- `tests/run_agent/test_provider_attribution_headers.py`
+
+### Tasks
+- [ ] Open `hermes model` and verify `ai-gateway` appears near the top.
+- [ ] Verify live pricing appears in the picker.
+- [ ] Verify free Moonshot models are promoted.
+- [ ] Trigger API-key setup flow and verify the Vercel deep link.
+- [ ] Send one ai-gateway request and verify attribution headers are attached.
+
+### Acceptance criteria
+- [ ] UI ordering and pricing match the landed behavior.
+- [ ] Attribution headers are present on ai-gateway requests.
+- [ ] Targeted tests pass.
+
+## #951 — [QA] Verify transport abstraction + AnthropicTransport wiring
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/951
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `7ab5eebd0` — transport types + Anthropic normalize migration
+- `731f4fbae` — transport ABC + AnthropicTransport wired to all paths
+
+### Targeted tests
+- `tests/agent/transports/test_types.py`
+- `tests/agent/test_anthropic_normalize_v2.py`
+
+### Tasks
+- [ ] Verify plain-text Anthropic responses normalize correctly.
+- [ ] Verify tool-call responses preserve IDs, names, and arguments.
+- [ ] Verify reasoning/thinking is preserved separately from visible content.
+- [ ] Verify finish_reason mapping remains correct across paths.
+
+### Acceptance criteria
+- [ ] Normalized response shape is stable.
+- [ ] Tool-call and reasoning payloads survive normalization.
+- [ ] Targeted tests pass.
+
+## #952 — [QA] Verify CLI voice beep toggle
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/952
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `b48ea41d2` — voice: add CLI beep toggle
+
+### Targeted tests
+- `tests/tools/test_voice_cli_integration.py`
+
+### Tasks
+- [ ] Enable the beep option in config and confirm voice mode emits the beep.
+- [ ] Disable the option and confirm the same path is silent.
+- [ ] Verify voice mode still strips markdown before speech output.
+- [ ] Verify voice mode does not pollute conversation history with TTS-only text.
+
+### Acceptance criteria
+- [ ] Beep behavior is actually toggled by config.
+- [ ] Existing voice/TTS integration behavior is not regressed.
+- [ ] Targeted tests pass.
+
+## #953 — [QA] Verify bundled skill scripts run out of the box
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/953
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `328223576` — make bundled skill scripts runnable out of the box
+
+### Targeted tests
+- `tests/agent/test_skill_commands.py`
+- `tests/tools/test_local_shell_init.py`
+
+### Tasks
+- [ ] Pick a bundled skill that ships a script and run it without manual chmod/PATH surgery.
+- [ ] Verify local terminal execution resolves the installed skill script correctly.
+- [ ] Verify local shell init still behaves correctly.
+
+### Acceptance criteria
+- [ ] Bundled skill scripts execute from the installed skill location with no manual prep.
+- [ ] Local shell init remains healthy.
+- [ ] Targeted tests pass.
+
+## #954 — [QA] Verify maps skill guest_house / camp_site / bakery expansion
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/954
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `c5a814b23` — maps: add guest_house, camp_site, and dual-key bakery lookup
+
+### Tasks
+- [ ] Use the maps skill to search for a guest house in a known populated area.
+- [ ] Use the maps skill to search for a camp site in a known populated area.
+- [ ] Use the maps skill to search for a bakery and verify both supported keys resolve correctly.
+- [ ] Confirm results are sensible and non-empty.
+
+### Acceptance criteria
+- [ ] All three place types resolve correctly.
+- [ ] Bakery lookup works through both supported keys.
+- [ ] Manual evidence is attached in the issue.
+
+## #955 — [QA] Verify KittenTTS local provider end-to-end
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/955
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `1830ebfc5` — add KittenTTS provider
+- `2d7ff9c5b` — complete KittenTTS integration across tools/setup/docs/tests
+
+### Targeted tests
+- `tests/tools/test_tts_kittentts.py`
+
+### Tasks
+- [ ] Configure TTS to use `kittentts`.
+- [ ] Generate speech to `.wav` and verify playable output.
+- [ ] Verify voice / speed / cleaned text are passed correctly.
+- [ ] Generate repeated requests and verify model caching behavior.
+- [ ] Generate a non-wav output and verify ffmpeg conversion path.
+- [ ] Verify missing-package behavior returns a helpful error.
+
+### Acceptance criteria
+- [ ] KittenTTS works end-to-end when installed.
+- [ ] Failure mode is operator-friendly when not installed.
+- [ ] Targeted tests pass.
+
+## #956 — [QA] Verify numbered keyboard shortcuts for approval + clarify prompts
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/956
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `d1ed6f4fb` — CLI: add numbered keyboard shortcuts to approval and clarify prompts
+
+### Tasks
+- [ ] Trigger an approval prompt and choose an option with number keys.
+- [ ] Trigger a clarify prompt and choose an option with number keys.
+- [ ] Verify the correct option is submitted both times.
+- [ ] Verify normal keyboard navigation still works.
+
+### Acceptance criteria
+- [ ] Number-key selection works for both prompt types.
+- [ ] Legacy keyboard navigation is not broken.
+- [ ] Manual evidence is attached in the issue.
+
+## #957 — [QA] Verify optional adversarial-ux-test skill catalog flow
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/957
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `e50e7f11b` — skills: add adversarial-ux-test optional skill
+
+### Tasks
+- [ ] Verify the optional skill appears in the optional skill catalog.
+- [ ] Install or enable the skill.
+- [ ] Load it successfully through Hermes.
+- [ ] Disable or remove it and verify catalog state updates cleanly.
+
+### Acceptance criteria
+- [ ] Catalog listing is correct.
+- [ ] Install / load / disable lifecycle works cleanly.
+- [ ] Manual evidence is attached in the issue.
+
+## #958 — [QA] Verify /usage account limits in CLI + gateway
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/958
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `8a11b0a20` — per-provider account limits module
+- `bcc5d7b67` — append account limits section in CLI and gateway
+
+### Targeted tests
+- `tests/test_account_usage.py`
+- `tests/gateway/test_usage_command.py`
+
+### Tasks
+- [ ] Run `/usage` in CLI for a provider with account limits.
+- [ ] Verify provider, remaining quota, total limit, and reset window render correctly.
+- [ ] Run `/usage` through the gateway and verify the same section appears.
+- [ ] Verify zero-value cache read/write sections stay hidden when appropriate.
+
+### Acceptance criteria
+- [ ] CLI and gateway both show the landed account-limits section correctly.
+- [ ] Targeted tests pass.
+
+## #959 — [QA] Verify OpenCode-Go curated catalog additions
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/959
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `4fea1769d` — opencode-go: add Kimi K2.6 and Qwen3.5/3.6 Plus to curated catalog
+
+### Targeted tests
+- `tests/hermes_cli/test_opencode_go_in_model_list.py`
+
+### Tasks
+- [ ] With valid OpenCode-Go credentials, open `hermes model`.
+- [ ] Verify Kimi K2.6 appears.
+- [ ] Verify Qwen 3.5 Plus and 3.6 Plus appear.
+- [ ] Unset credentials and verify the provider/catalog hides correctly.
+
+### Acceptance criteria
+- [ ] New curated models are present when credentials exist.
+- [ ] Catalog visibility still respects credential gating.
+- [ ] Targeted tests pass.
+
+## #960 — [QA] Verify patch 'did you mean?' suggestions
+
+State: open
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/960
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `15abf4ed8` — add `did you mean?` feedback when patch fails to match
+- `5e6427a42` — gate it to true no-match cases and extend to v4a / skill_manage
+
+### Targeted tests
+- `tests/tools/test_fuzzy_match.py`
+
+### Tasks
+- [ ] Intentionally run a replace/patch with a near-miss `old_string`.
+- [ ] Verify the tool suggests a useful nearby line/context.
+- [ ] Verify suggestions only appear on true no-match failures.
+- [ ] Verify the behavior also works via file tools, v4a patching, and skill_manage.
+
+### Acceptance criteria
+- [ ] Suggestion quality is helpful, not noisy.
+- [ ] Suggestions are correctly gated to no-match cases.
+- [ ] Targeted tests pass.
+
+## #961 — [QA] Verify web dashboard update/restart action buttons
+
+State: closed
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/961
+
+### Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+### Commits
+- `fc21c1420` — add buttons to update Hermes and restart gateway
+
+### Files touched
+- `web/src/pages/StatusPage.tsx`
+- `web/src/lib/api.ts`
+- `web/src/i18n/en.ts`
+
+### Tasks
+- [ ] Open the Web UI status page and verify both buttons are present.
+- [ ] Click Restart Gateway in a safe environment and verify running/output/success-or-failure states render.
+- [ ] Click Update Hermes and verify the same action lifecycle.
+- [ ] Verify the page remains responsive while actions are running.
+
+### Acceptance criteria
+- [ ] Both action buttons are present and wired.
+- [ ] Action status polling and result rendering work end-to-end.
+- [ ] Manual evidence is attached in the issue.
+
+## #962 — [QA] Verify hardcoded-home path guard on burn/921 branch
+
+State: closed
+URL: https://forge.alexanderwhitestone.com/Timmy_Foundation/hermes-agent/issues/962
+
+### Branch / checkout
+- Validate specifically on `burn/921-poka-yoke-hardcoded-paths` (not upstream/main).
+
+### Commits
+- `5dcb90531` — Poka-yoke: prevent hardcoded home-directory paths
+
+### Targeted tests
+- `tests/test_path_guard.py`
+
+### Tasks
+- [ ] Verify hardcoded `/Users/...` paths are rejected.
+- [ ] Verify hardcoded `~/.hermes/...` paths are rejected in guarded contexts.
+- [ ] Verify valid relative paths still pass.
+- [ ] Verify appropriate absolute paths still pass where intended.
+- [ ] Verify linting catches violations in non-test files.
+
+### Acceptance criteria
+- [ ] Guard blocks the dangerous patterns and preserves allowed ones.
+- [ ] Targeted tests pass.

scripts/morning_review_packet.py

@@ -0,0 +1,301 @@
+#!/usr/bin/env python3
+"""Build a morning review packet from a Gitea epic and its child QA issues.
+
+This script fetches a parent epic plus its sub-issues, extracts the structured
+sections from each QA issue body, and renders a single markdown packet suitable
+for morning review.
+
+Usage:
+    python scripts/morning_review_packet.py --epic-number 949
+    python scripts/morning_review_packet.py --epic-number 949 --children 950-962
+    python scripts/morning_review_packet.py --epic-number 949 --output docs/review_packets/hermes-harness-2026-04-21.md
+"""
+
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import re
+import urllib.request
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Iterable
+
+DEFAULT_BASE_URL = "https://forge.alexanderwhitestone.com"
+DEFAULT_OWNER = "Timmy_Foundation"
+DEFAULT_REPO = "hermes-agent"
+DEFAULT_TOKEN_PATH = Path.home() / ".config" / "gitea" / "token"
+
+
+@dataclass(frozen=True)
+class CommitEvidence:
+    sha: str
+    summary: str
+
+
+@dataclass
+class ReviewIssue:
+    number: int
+    title: str
+    state: str
+    url: str
+    comments: int = 0
+    parent_issue: int | None = None
+    checkout_notes: list[str] = field(default_factory=list)
+    commits: list[CommitEvidence] = field(default_factory=list)
+    targeted_tests: list[str] = field(default_factory=list)
+    files_touched: list[str] = field(default_factory=list)
+    tasks: list[str] = field(default_factory=list)
+    acceptance_criteria: list[str] = field(default_factory=list)
+
+
+def parse_issue_number_spec(spec: str) -> list[int]:
+    """Parse a comma-separated issue list like ``950-952,955,962``."""
+    numbers: list[int] = []
+    seen: set[int] = set()
+    for chunk in (part.strip() for part in spec.split(",")):
+        if not chunk:
+            continue
+        if "-" in chunk:
+            start_str, end_str = (part.strip() for part in chunk.split("-", 1))
+            start = int(start_str)
+            end = int(end_str)
+            if end < start:
+                raise ValueError(f"Invalid descending issue range: {chunk}")
+            for number in range(start, end + 1):
+                if number not in seen:
+                    numbers.append(number)
+                    seen.add(number)
+        else:
+            number = int(chunk)
+            if number not in seen:
+                numbers.append(number)
+                seen.add(number)
+    return numbers
+
+
+def _parse_sections(body: str) -> dict[str, list[str]]:
+    sections: dict[str, list[str]] = {}
+    current: str | None = None
+    for raw_line in body.splitlines():
+        line = raw_line.rstrip()
+        if line.startswith("## "):
+            current = line[3:].strip()
+            sections[current] = []
+            continue
+        if current is not None:
+            sections[current].append(line)
+    return sections
+
+
+def _clean_bullet(line: str) -> str | None:
+    stripped = line.strip()
+    if not stripped:
+        return None
+    stripped = re.sub(r"^-\s*\[(?: |x|X)\]\s*", "", stripped)
+    stripped = re.sub(r"^-\s*", "", stripped)
+    return stripped.strip() or None
+
+
+def _extract_bullets(lines: Iterable[str]) -> list[str]:
+    items: list[str] = []
+    for line in lines:
+        cleaned = _clean_bullet(line)
+        if cleaned:
+            items.append(cleaned)
+    return items
+
+
+def _extract_parent_issue(body: str, sections: dict[str, list[str]]) -> int | None:
+    parent_lines = sections.get("Parent", [])
+    for line in parent_lines:
+        match = re.search(r"#(\d+)", line)
+        if match:
+            return int(match.group(1))
+    match = re.search(r"Linked to Epic\s+#(\d+)", body, flags=re.IGNORECASE)
+    if match:
+        return int(match.group(1))
+    return None
+
+
+def _extract_commits(lines: Iterable[str]) -> list[CommitEvidence]:
+    commits: list[CommitEvidence] = []
+    for item in _extract_bullets(lines):
+        match = re.match(r"`([^`]+)`\s*(.*)", item)
+        if match:
+            commits.append(CommitEvidence(sha=match.group(1).strip(), summary=match.group(2).strip()))
+        else:
+            commits.append(CommitEvidence(sha="", summary=item))
+    return commits
+
+
+def _strip_backticks(items: Iterable[str]) -> list[str]:
+    cleaned: list[str] = []
+    for item in items:
+        cleaned.append(item.replace("`", "").strip())
+    return cleaned
+
+
+def discover_child_issue_numbers(epic_body: str) -> list[int]:
+    """Discover sub-issue numbers from an epic body."""
+    sections = _parse_sections(epic_body)
+    sub_lines = sections.get("Sub-issues")
+    if not sub_lines:
+        return []
+    numbers: list[int] = []
+    seen: set[int] = set()
+    for line in sub_lines:
+        for match in re.finditer(r"#(\d+)", line):
+            number = int(match.group(1))
+            if number not in seen:
+                numbers.append(number)
+                seen.add(number)
+    return numbers
+
+
+def parse_child_issue(issue: dict) -> ReviewIssue:
+    body = issue.get("body") or ""
+    sections = _parse_sections(body)
+    commit_lines = sections.get("Commits landed today", []) or sections.get("Commit landed today", [])
+
+    return ReviewIssue(
+        number=int(issue["number"]),
+        title=issue.get("title") or "",
+        state=(issue.get("state") or "unknown").lower(),
+        url=issue.get("html_url") or issue.get("url") or "",
+        comments=int(issue.get("comments") or 0),
+        parent_issue=_extract_parent_issue(body, sections),
+        checkout_notes=_extract_bullets(sections.get("Branch / checkout", [])),
+        commits=_extract_commits(commit_lines),
+        targeted_tests=_strip_backticks(_extract_bullets(sections.get("Targeted tests", []))),
+        files_touched=_strip_backticks(_extract_bullets(sections.get("Files touched", []))),
+        tasks=_extract_bullets(sections.get("Tasks", [])),
+        acceptance_criteria=_extract_bullets(sections.get("Acceptance Criteria", [])),
+    )
+
+
+def build_packet_markdown(epic_issue: dict, child_issues: list[ReviewIssue]) -> str:
+    title = epic_issue.get("title") or f"Epic #{epic_issue.get('number')}"
+    url = epic_issue.get("html_url") or epic_issue.get("url") or ""
+    body = epic_issue.get("body") or ""
+    children = sorted(child_issues, key=lambda item: item.number)
+
+    lines: list[str] = []
+    lines.append("# Morning Review Packet")
+    lines.append("")
+    lines.append(f"Source epic: [{title}]({url})")
+    lines.append("")
+    lines.append("## Epic context")
+    lines.append("")
+    lines.append(title)
+    lines.append("")
+    for line in body.splitlines():
+        if line.strip():
+            lines.append(line)
+        else:
+            lines.append("")
+    lines.append("")
+    lines.append("## Summary")
+    lines.append("")
+    lines.append("| Issue | State | Commits | Tests |")
+    lines.append("| --- | --- | --- | --- |")
+    for child in children:
+        lines.append(
+            f"| #{child.number} | {child.state} | {len(child.commits)} | {len(child.targeted_tests)} |"
+        )
+    lines.append("")
+
+    for child in children:
+        lines.append(f"## #{child.number} — {child.title}")
+        lines.append("")
+        lines.append(f"State: {child.state}")
+        lines.append(f"URL: {child.url}")
+        lines.append("")
+        if child.checkout_notes:
+            lines.append("### Branch / checkout")
+            for note in child.checkout_notes:
+                lines.append(f"- {note}")
+            lines.append("")
+        if child.commits:
+            lines.append("### Commits")
+            for commit in child.commits:
+                if commit.sha:
+                    lines.append(f"- `{commit.sha}` — {commit.summary}")
+                else:
+                    lines.append(f"- {commit.summary}")
+            lines.append("")
+        if child.targeted_tests:
+            lines.append("### Targeted tests")
+            for test_path in child.targeted_tests:
+                lines.append(f"- `{test_path}`")
+            lines.append("")
+        if child.files_touched:
+            lines.append("### Files touched")
+            for file_path in child.files_touched:
+                lines.append(f"- `{file_path}`")
+            lines.append("")
+        if child.tasks:
+            lines.append("### Tasks")
+            for task in child.tasks:
+                lines.append(f"- [ ] {task}")
+            lines.append("")
+        if child.acceptance_criteria:
+            lines.append("### Acceptance criteria")
+            for item in child.acceptance_criteria:
+                lines.append(f"- [ ] {item}")
+            lines.append("")
+
+    return "\n".join(lines).rstrip() + "\n"
+
+
+def _resolve_token(explicit_token: str | None = None) -> str:
+    if explicit_token:
+        return explicit_token.strip()
+    env_token = os.getenv("GITEA_TOKEN")
+    if env_token:
+        return env_token.strip()
+    if DEFAULT_TOKEN_PATH.exists():
+        return DEFAULT_TOKEN_PATH.read_text().strip()
+    raise FileNotFoundError(f"No Gitea token found. Set GITEA_TOKEN or create {DEFAULT_TOKEN_PATH}")
+
+
+def fetch_issue(base_url: str, owner: str, repo: str, number: int, token: str) -> dict:
+    url = f"{base_url.rstrip('/')}/api/v1/repos/{owner}/{repo}/issues/{number}"
+    request = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
+    with urllib.request.urlopen(request, timeout=30) as response:
+        return json.loads(response.read().decode())
+
+
+def collect_child_issues(base_url: str, owner: str, repo: str, epic_issue: dict, token: str, children_spec: str | None = None) -> list[dict]:
+    numbers = parse_issue_number_spec(children_spec) if children_spec else discover_child_issue_numbers(epic_issue.get("body") or "")
+    return [fetch_issue(base_url, owner, repo, number, token) for number in numbers]
+
+
+def main(argv: list[str] | None = None) -> int:
+    parser = argparse.ArgumentParser(description="Build a markdown morning review packet from a Gitea epic")
+    parser.add_argument("--base-url", default=DEFAULT_BASE_URL)
+    parser.add_argument("--owner", default=DEFAULT_OWNER)
+    parser.add_argument("--repo", default=DEFAULT_REPO)
+    parser.add_argument("--epic-number", type=int, required=True)
+    parser.add_argument("--children", help="Explicit issue list/ranges, e.g. 950-962")
+    parser.add_argument("--token", help="Gitea token (defaults to GITEA_TOKEN or ~/.config/gitea/token)")
+    parser.add_argument("--output", help="Write markdown packet to this path instead of stdout")
+    args = parser.parse_args(argv)
+
+    token = _resolve_token(args.token)
+    epic_issue = fetch_issue(args.base_url, args.owner, args.repo, args.epic_number, token)
+    child_issue_dicts = collect_child_issues(args.base_url, args.owner, args.repo, epic_issue, token, args.children)
+    packet = build_packet_markdown(epic_issue, [parse_child_issue(issue) for issue in child_issue_dicts])
+
+    if args.output:
+        output_path = Path(args.output)
+        output_path.parent.mkdir(parents=True, exist_ok=True)
+        output_path.write_text(packet)
+    else:
+        print(packet, end="")
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

tests/cli/test_cli_json_repair.py

@@ -1,62 +0,0 @@
-import sys
-import types
-from unittest.mock import patch
-
-
-def _stub_auxiliary_client():
-    stub = types.ModuleType("agent.auxiliary_client")
-    stub.call_llm = lambda *args, **kwargs: None
-    stub.resolve_provider_client = lambda *args, **kwargs: (None, None)
-    stub.get_text_auxiliary_client = lambda *args, **kwargs: (None, None)
-    stub.async_call_llm = lambda *args, **kwargs: None
-    stub.extract_content_or_reasoning = lambda *args, **kwargs: ""
-    stub._OR_HEADERS = {}
-    stub._get_task_timeout = lambda *args, **kwargs: 30
-    sys.modules["agent.auxiliary_client"] = stub
-
-
-def _stub_vision_tools(vision_analyze_tool):
-    stub = types.ModuleType("tools.vision_tools")
-    stub.vision_analyze_tool = vision_analyze_tool
-    sys.modules["tools.vision_tools"] = stub
-
-
-def test_preprocess_images_with_vision_repairs_malformed_json(tmp_path):
-    _stub_auxiliary_client()
-    from cli import HermesCLI
-
-    cli_obj = HermesCLI.__new__(HermesCLI)
-    image_path = tmp_path / "test.png"
-    image_path.write_bytes(b"fake-image-bytes")
-
-    async def fake_vision(**kwargs):
-        return "{'success': true, 'analysis': 'Recovered image description',}"
-
-    _stub_vision_tools(fake_vision)
-    result = HermesCLI._preprocess_images_with_vision(
-        cli_obj,
-        "Describe this",
-        [image_path],
-        announce=False,
-    )
-
-    assert "Recovered image description" in result
-    assert "Describe this" in result
-    assert str(image_path) in result
-
-
-def test_handle_cron_command_repairs_malformed_json(capsys):
-    _stub_auxiliary_client()
-    from cli import HermesCLI
-
-    cli_obj = HermesCLI.__new__(HermesCLI)
-    malformed_result = """{'success': true, 'jobs': [{'job_id': 'job-1234567890ab', 'name': 'Nightly Check', 'state': 'scheduled', 'schedule': 'every 1h', 'repeat': 'forever', 'prompt_preview': 'Check server status', 'skills': ['blogwatcher',], 'next_run_at': '2026-04-22T01:00:00Z',},],}"""
-
-    with patch("tools.cronjob_tools.cronjob", return_value=malformed_result):
-        HermesCLI._handle_cron_command(cli_obj, "/cron list")
-
-    out = capsys.readouterr().out
-    assert "Scheduled Jobs:" in out
-    assert "job-1234567890ab" in out
-    assert "Nightly Check" in out
-    assert "blogwatcher" in out

tests/test_morning_review_packet.py

@@ -0,0 +1,162 @@
+from pathlib import Path
+import sys
+
+SCRIPT_DIR = Path(__file__).resolve().parents[1] / "scripts"
+sys.path.insert(0, str(SCRIPT_DIR))
+
+import morning_review_packet as mrp
+
+
+EPIC_BODY = """Source: git log on upstream/main since 2026-04-21 00:00 EDT.
+
+## Success criteria
+- [ ] Every issue has a clear PASS / FAIL outcome.
+
+## Sub-issues
+- [ ] #950 [QA] Verify AI Gateway provider UX + attribution headers
+- [ ] #951 [QA] Verify transport abstraction + AnthropicTransport wiring
+- [x] #962 [QA] Verify hardcoded-home path guard on burn/921 branch
+"""
+
+
+CHILD_BODY_PLURAL = """## Parent
+#949
+
+## Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+## Commits landed today
+- `b11753879` attribution default_headers for ai-gateway provider
+- `700437440` curated picker with live pricing
+
+## Targeted tests
+- `tests/hermes_cli/test_ai_gateway_models.py`
+- `tests/run_agent/test_provider_attribution_headers.py`
+
+## Tasks
+- [ ] Verify the picker ordering.
+- [ ] Verify attribution headers.
+
+## Acceptance Criteria
+- [ ] Picker shows AI Gateway prominently.
+- [ ] Headers appear on OpenRouter calls.
+"""
+
+
+CHILD_BODY_SINGULAR = """## Parent
+#949
+
+## Branch / checkout
+- Validate on `upstream/main` or an equivalent synced checkout.
+
+## Commit landed today
+- `fc21c1420` add buttons to update Hermes and restart gateway
+
+## Files touched
+- `web/src/pages/StatusPage.tsx`
+- `web/src/lib/api.ts`
+- `web/src/i18n/en.ts`
+
+## Tasks
+- [ ] Open the Web UI status page and verify both buttons are present.
+- [ ] Click Restart Gateway in a safe environment.
+"""
+
+
+def test_discover_child_issue_numbers_from_epic_body():
+    assert mrp.discover_child_issue_numbers(EPIC_BODY) == [950, 951, 962]
+
+
+def test_parse_issue_number_spec_supports_ranges_and_lists():
+    assert mrp.parse_issue_number_spec("950-952,955,962") == [950, 951, 952, 955, 962]
+
+
+def test_parse_child_issue_extracts_structured_sections():
+    issue = {
+        "number": 950,
+        "title": "[QA] Verify AI Gateway provider UX + attribution headers",
+        "state": "open",
+        "html_url": "https://forge.example/950",
+        "comments": 0,
+        "body": CHILD_BODY_PLURAL,
+    }
+
+    parsed = mrp.parse_child_issue(issue)
+
+    assert parsed.number == 950
+    assert parsed.parent_issue == 949
+    assert parsed.checkout_notes == ["Validate on `upstream/main` or an equivalent synced checkout."]
+    assert [c.sha for c in parsed.commits] == ["b11753879", "700437440"]
+    assert parsed.targeted_tests == [
+        "tests/hermes_cli/test_ai_gateway_models.py",
+        "tests/run_agent/test_provider_attribution_headers.py",
+    ]
+    assert parsed.tasks == [
+        "Verify the picker ordering.",
+        "Verify attribution headers.",
+    ]
+    assert parsed.acceptance_criteria == [
+        "Picker shows AI Gateway prominently.",
+        "Headers appear on OpenRouter calls.",
+    ]
+
+
+def test_parse_child_issue_handles_singular_commit_heading_and_files_touched():
+    issue = {
+        "number": 961,
+        "title": "[QA] Verify web dashboard update/restart action buttons",
+        "state": "closed",
+        "html_url": "https://forge.example/961",
+        "comments": 16,
+        "body": CHILD_BODY_SINGULAR,
+    }
+
+    parsed = mrp.parse_child_issue(issue)
+
+    assert [c.sha for c in parsed.commits] == ["fc21c1420"]
+    assert parsed.files_touched == [
+        "web/src/pages/StatusPage.tsx",
+        "web/src/lib/api.ts",
+        "web/src/i18n/en.ts",
+    ]
+    assert parsed.tasks == [
+        "Open the Web UI status page and verify both buttons are present.",
+        "Click Restart Gateway in a safe environment.",
+    ]
+
+
+def test_build_packet_markdown_renders_summary_and_details():
+    epic_issue = {
+        "number": 949,
+        "title": "EPIC: Morning review packet — Hermes harness features landed 2026-04-21",
+        "state": "open",
+        "html_url": "https://forge.example/949",
+        "body": EPIC_BODY,
+    }
+    child_a = mrp.parse_child_issue({
+        "number": 950,
+        "title": "[QA] Verify AI Gateway provider UX + attribution headers",
+        "state": "open",
+        "html_url": "https://forge.example/950",
+        "comments": 0,
+        "body": CHILD_BODY_PLURAL,
+    })
+    child_b = mrp.parse_child_issue({
+        "number": 961,
+        "title": "[QA] Verify web dashboard update/restart action buttons",
+        "state": "closed",
+        "html_url": "https://forge.example/961",
+        "comments": 16,
+        "body": CHILD_BODY_SINGULAR,
+    })
+
+    markdown = mrp.build_packet_markdown(epic_issue, [child_a, child_b])
+
+    assert "# Morning Review Packet" in markdown
+    assert "EPIC: Morning review packet — Hermes harness features landed 2026-04-21" in markdown
+    assert "| #950 | open | 2 | 2 |" in markdown
+    assert "| #961 | closed | 1 | 0 |" in markdown
+    assert "## #950 — [QA] Verify AI Gateway provider UX + attribution headers" in markdown
+    assert "## #961 — [QA] Verify web dashboard update/restart action buttons" in markdown
+    assert "`b11753879` — attribution default_headers for ai-gateway provider" in markdown
+    assert "`web/src/pages/StatusPage.tsx`" in markdown

tests/tools/test_browser_json_repair.py

@@ -1,108 +0,0 @@
-import io
-import json
-import sys
-import types
-from unittest.mock import MagicMock, patch
-
-
-def _stub_auxiliary_client():
-    stub = types.ModuleType("agent.auxiliary_client")
-    stub.call_llm = lambda *args, **kwargs: None
-    stub.resolve_provider_client = lambda *args, **kwargs: (None, None)
-    stub.get_text_auxiliary_client = lambda *args, **kwargs: (None, None)
-    stub.async_call_llm = lambda *args, **kwargs: None
-    stub.extract_content_or_reasoning = lambda *args, **kwargs: ""
-    stub._OR_HEADERS = {}
-    stub._get_task_timeout = lambda *args, **kwargs: 30
-    sys.modules["agent.auxiliary_client"] = stub
-
-
-def test_run_browser_command_repairs_malformed_stdout_envelope(tmp_path):
-    _stub_auxiliary_client()
-    from tools.browser_tool import _run_browser_command
-
-    mock_proc = MagicMock()
-    mock_proc.returncode = 0
-    mock_proc.wait.return_value = 0
-    fake_session = {
-        "session_name": "test-session",
-        "session_id": "test-id",
-        "cdp_url": None,
-    }
-    malformed_stdout = "{'success': true, 'data': {'url': 'https://example.com',},}"
-
-    def fake_open(path, mode="r", *args, **kwargs):
-        path = str(path)
-        if path.endswith("_stdout_navigate"):
-            return io.StringIO(malformed_stdout)
-        if path.endswith("_stderr_navigate"):
-            return io.StringIO("")
-        raise FileNotFoundError(path)
-
-    with (
-        patch("tools.browser_tool._find_agent_browser", return_value="/usr/bin/agent-browser"),
-        patch("tools.browser_tool._get_session_info", return_value=fake_session),
-        patch("tools.browser_tool._socket_safe_tmpdir", return_value=str(tmp_path)),
-        patch("tools.browser_tool._merge_browser_path", side_effect=lambda p: p),
-        patch("tools.interrupt.is_interrupted", return_value=False),
-        patch("subprocess.Popen", return_value=mock_proc),
-        patch("os.open", return_value=99),
-        patch("os.close"),
-        patch("os.unlink"),
-        patch("builtins.open", side_effect=fake_open),
-    ):
-        result = _run_browser_command("task-1", "navigate", ["https://example.com"])
-
-    assert result["success"] is True
-    assert result["data"]["url"] == "https://example.com"
-
-
-def test_agent_browser_eval_repairs_malformed_json_result():
-    _stub_auxiliary_client()
-    from tools.browser_tool import _browser_eval
-
-    with patch(
-        "tools.browser_tool._run_browser_command",
-        return_value={"success": True, "data": {"result": "{'items': ['a', 'b',],}"}},
-    ):
-        result = json.loads(_browser_eval("document.body.innerText", task_id="test"))
-
-    assert result["success"] is True
-    assert result["result"] == {"items": ["a", "b"]}
-    assert result["result_type"] == "dict"
-
-
-def test_camofox_eval_repairs_malformed_json_result():
-    _stub_auxiliary_client()
-    from tools.browser_tool import _camofox_eval
-
-    with (
-        patch("tools.browser_camofox._ensure_tab", return_value={"tab_id": "tab-1", "user_id": "user-1"}),
-        patch("tools.browser_camofox._post", return_value={"result": "{'count': 3,}"}),
-    ):
-        result = json.loads(_camofox_eval("2+1", task_id="test"))
-
-    assert result["success"] is True
-    assert result["result"] == {"count": 3}
-    assert result["result_type"] == "dict"
-
-
-def test_browser_get_images_repairs_malformed_json_result():
-    _stub_auxiliary_client()
-    from tools.browser_tool import browser_get_images
-
-    with patch(
-        "tools.browser_tool._run_browser_command",
-        return_value={
-            "success": True,
-            "data": {
-                "result": "[{\"src\": \"https://example.com/cat.png\", \"alt\": \"cat\",}]"
-            },
-        },
-    ):
-        result = json.loads(browser_get_images(task_id="test"))
-
-    assert result["success"] is True
-    assert result["count"] == 1
-    assert result["images"] == [{"src": "https://example.com/cat.png", "alt": "cat"}]
-    assert "warning" not in result

tools/browser_tool.py

@@ -67,7 +67,6 @@ from typing import Dict, Any, Optional, List
 from pathlib import Path
 from agent.auxiliary_client import call_llm
 from hermes_constants import get_hermes_home
-from utils import repair_and_load_json
 
 try:
     from tools.website_policy import check_website_access
@@ -1172,12 +1171,8 @@ def _run_browser_command(
             return {"success": False, "error": f"Browser command '{command}' returned no output"}
 
         if stdout_text:
-            parsed = repair_and_load_json(
-                stdout_text,
-                default=None,
-                context=f"browser_{command}_stdout",
-            )
-            if isinstance(parsed, dict):
+            try:
+                parsed = json.loads(stdout_text)
                 # Warn if snapshot came back empty (common sign of daemon/CDP issues)
                 if command == "snapshot" and parsed.get("success"):
                     snap_data = parsed.get("data", {})
@@ -1186,35 +1181,35 @@ def _run_browser_command(
                                        "Possible stale daemon or CDP connection issue. "
                                        "returncode=%s", returncode)
                 return parsed
+            except json.JSONDecodeError:
+                raw = stdout_text[:2000]
+                logger.warning("browser '%s' returned non-JSON output (rc=%s): %s",
+                               command, returncode, raw[:500])
 
-            raw = stdout_text[:2000]
-            logger.warning("browser '%s' returned non-JSON output (rc=%s): %s",
-                           command, returncode, raw[:500])
-
-            if command == "screenshot":
-                stderr_text = (stderr or "").strip()
-                combined_text = "\n".join(
-                    part for part in [stdout_text, stderr_text] if part
-                )
-                recovered_path = _extract_screenshot_path_from_text(combined_text)
-
-                if recovered_path and Path(recovered_path).exists():
-                    logger.info(
-                        "browser 'screenshot' recovered file from non-JSON output: %s",
-                        recovered_path,
+                if command == "screenshot":
+                    stderr_text = (stderr or "").strip()
+                    combined_text = "\n".join(
+                        part for part in [stdout_text, stderr_text] if part
                     )
-                    return {
-                        "success": True,
-                        "data": {
-                            "path": recovered_path,
-                            "raw": raw,
-                        },
-                    }
+                    recovered_path = _extract_screenshot_path_from_text(combined_text)
 
-            return {
-                "success": False,
-                "error": f"Non-JSON output from agent-browser for '{command}': {raw}"
-            }
+                    if recovered_path and Path(recovered_path).exists():
+                        logger.info(
+                            "browser 'screenshot' recovered file from non-JSON output: %s",
+                            recovered_path,
+                        )
+                        return {
+                            "success": True,
+                            "data": {
+                                "path": recovered_path,
+                                "raw": raw,
+                            },
+                        }
+
+                return {
+                    "success": False,
+                    "error": f"Non-JSON output from agent-browser for '{command}': {raw}"
+                }
         
         # Check for errors
         if returncode != 0:
@@ -1782,11 +1777,10 @@ def _browser_eval(expression: str, task_id: Optional[str] = None) -> str:
     # is valid JSON, parse it so the model gets structured data.
     parsed = raw_result
     if isinstance(raw_result, str):
-        parsed = repair_and_load_json(
-            raw_result,
-            default=raw_result,
-            context="browser_eval_result",
-        )
+        try:
+            parsed = json.loads(raw_result)
+        except (json.JSONDecodeError, ValueError):
+            pass  # keep as string
 
     return json.dumps({
         "success": True,
@@ -1807,11 +1801,10 @@ def _camofox_eval(expression: str, task_id: Optional[str] = None) -> str:
         raw_result = resp.get("result") if isinstance(resp, dict) else resp
         parsed = raw_result
         if isinstance(raw_result, str):
-            parsed = repair_and_load_json(
-                raw_result,
-                default=raw_result,
-                context="camofox_eval_result",
-            )
+            try:
+                parsed = json.loads(raw_result)
+            except (json.JSONDecodeError, ValueError):
+                pass
 
         return json.dumps({
             "success": True,
@@ -1911,29 +1904,26 @@ def browser_get_images(task_id: Optional[str] = None) -> str:
     if result.get("success"):
         data = result.get("data", {})
         raw_result = data.get("result", "[]")
-
-        warning = None
-        if isinstance(raw_result, str):
-            images = repair_and_load_json(
-                raw_result,
-                default=None,
-                context="browser_get_images_result",
-            )
-        else:
-            images = raw_result
-
-        if not isinstance(images, list):
-            images = []
-            warning = "Could not parse image data"
-
-        payload = {
-            "success": True,
-            "images": images,
-            "count": len(images),
-        }
-        if warning:
-            payload["warning"] = warning
-        return json.dumps(payload, ensure_ascii=False)
+        
+        try:
+            # Parse the JSON string returned by JavaScript
+            if isinstance(raw_result, str):
+                images = json.loads(raw_result)
+            else:
+                images = raw_result
+            
+            return json.dumps({
+                "success": True,
+                "images": images,
+                "count": len(images)
+            }, ensure_ascii=False)
+        except json.JSONDecodeError:
+            return json.dumps({
+                "success": True,
+                "images": [],
+                "count": 0,
+                "warning": "Could not parse image data"
+            }, ensure_ascii=False)
     else:
         return json.dumps({
             "success": False,